SSH quick notes

Quick guide to SSH keys

Set UP SSH Keys

To simplify remote logins you can use ssh keys. Information is stored below "$HOME/.ssh". Starting from scratch on a system execute the command:

ssh-keygen
          -t rsa

This generates a public/private key set. You do this once on a system from which you will want to provide authentication. You will normally choose the default directory. If a pass-phrase is used you need to enter that pass-phrase at least once on the machine requesting authentication. See "ssh-agent" man page for information about keeping an authentication key in memory. If you do not use a pass-phrase things are a bit simpler at the expense of security.

The ssh-keygen command creates files:
.ssh/id_rsa
.ssh/id_rsa.pub

You will copy the .ssh/id_rsa.pub key to another machine. This file can copied as:

scp -p .ssh/id_rsa.pub
          remotesys:.ssh/authorized_keys

If you wish to grant multiple systems remote access you need to cut/paste the id_rsa.pub file from the machine which executed ssh-keygen such that multiple entries are placed in the authorized_keys file. Place entries one per line. You can also append the entry like so:

cat
          ~/.ssh/id_rsa.pub | ssh -l userid hostname "cat -
          >>.ssh/authorized_keys"

The .ssh directory must have permission 700.

The command ssh-copy-id provides a very simple way to copy an ssh key to a remote machine.
Here is an example assuming you have a lab system that grants you root access:

$ ssh-copy-id -i .ssh/id_rsa.pub root@labsys

Connecting To Remote Web Server

You can use an ssh tunnel to connect to a remote web server. This can be handy if you need to perform some remote administration or view web pages on some remote server. The example here shows how you can remotely administer a web server running on a hardware firewall.
Assume you have a hardware firewall connected to a Linux box and forwarding ssh requests to that Linux box like so:
Chain of cable modem, firewall/router, Linux box

Chain of cable modem, firewall/router, Linux box

For this example assume that the firewall/router box has the typical 192.168.1.1 address and runs a web server on port 80 and that it is set up to port forward ssh (port 22) to the Linux box.
Also assume that the IP address assigned by the ISP has given the cable modem an address of 98.97.96.95.

On your local system you run this command:

ssh -L
              8080:192.168.1.1:8

0
              98.97.96.95

Now also on your local system place the following address in your browser:
http://127.0.0.1:8080